IPsec Basics
Andriy Berestovskyy
2016
(ц) Андрій Берестовський
networking hour
semihalf
berestovskyy

IPsec?

Internet Protocol Security (IPsec) — protocol suite for secure IP communications that works by authenticating and encrypting each IP packet of a communication session.
— Wikipedia

Why IPsec?

[Diagram: Host A, GW 1, Unprotected Network, GW 2, Host B; a packet p marked with "?"]

Examples?

IPsec Rationale

[Diagram: Host A, GW 1, Unprotected Network, GW 2, Host B; packets p along the path, labelled Unprotected, Some Protection and Protected]

Basic IPsec Terms

Protocol: AH/ESP
  Authentication Header — just authenticate
  Encapsulating Security Payload — authenticate (optionally) and encrypt
Mode: Transport/Tunnel
  Transport — encapsulates only IP payload (data)
  Tunnel — encapsulates an entire IP packet (VPN)
Cipher: MD5/SHA-1/3DES/AES...
  Hashes — integrity check values for authentication (MD5, SHA-1)
  Encryption — using a secret key (3DES, Blowfish, AES, etc.)

Key exchange?

Secret Key

Key Exchange: IKE/Manual
  Internet Key Exchange — secure key exchange mechanism
  Manual — out of band key exchange mechanism
Mode: Main/Aggressive
  Main — six packets to establish a secure association
  Aggressive — three packets, but less secure

How to protect IP packets?

IPv4 Packet

Protocol Numbers:
  1 — Internet Control Message Protocol (ICMP)
  4 — IPv4 Encapsulation (IPv4)
  6 — Transmission Control Protocol (TCP)
  17 — User Datagram Protocol (UDP)
  41 — IPv6 Encapsulation (IPv6)
  47 — Generic Routing Encapsulation (GRE)
  50 — Encapsulating Security Payload (ESP)
  51 — Authentication Header (AH)
  ...
http://www.iana.org/assignments/protocol-numbers

Packet layout (each row spans bits 0 to 32):
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = TCP | IP Checksum
  Source IP
  Destination IP
  TCP Segment ...
Annotation: Protected by IP Checksum

Authentication Header

Next Hdr — next protocol number
AH Length — 4-octet units, minus 2, multiple of 8
SPI — security association index on receiving host
Seq Number — strictly increasing number
ICV — authentication hash(es)

Header layout (each row spans bits 0 to 32):
  Next Hdr | AH Length | Reserved
  Security Parameters Index (SPI)
  Sequence Number
  Integrity Check Value (ICV) ...

What for?

AH in Transport Mode

Original packet (each row spans bits 0 to 32):
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = TCP | IP Checksum
  Source IP
  Destination IP
  TCP Segment ...

Packet with AH:
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = AH | IP Checksum
  Original Source IP
  Original Destination IP
  Next = TCP | AH Length | Reserved
  Security Parameters Index (SPI)
  Sequence Number
  Integrity Check Value (MD5 or SHA-1)
  Original TCP Segment ...

Annotations: Protected by AH; Protected by IP Checksum

Why not?

AH in Tunnel Mode

Original packet (each row spans bits 0 to 32):
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = TCP | IP Checksum
  Source IP
  Destination IP
  TCP Segment ...

Packet with AH:
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = AH | IP Checksum
  Tunnel Source IP
  Tunnel Destination IP
  Next = IP | AH Length | Reserved
  Security Parameters Index (SPI)
  Sequence Number
  Integrity Check Value (MD5 or SHA-1)
  Original IP Packet ...

Annotations: Protected by AH; Protected by IP Checksum

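HMAC* Authentication
* Hash Message Authentication Code

Steps shown in the diagram:
  1. Secret Key XOR 0x363636363636... → XORed Key
  2. Hash Function (XORed Key, IP Packet) → Intermediate Hash
  3. Secret Key XOR 0x5c5c5c5c5c5c... → XORed Key
  4. Hash Function (XORed Key, Intermediate Hash) → Integrity Check Value
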
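Added example, not part of the original slides: the HMAC steps above written out in Python and truncated to a 96-bit ICV, the length that `ip xfrm state show` reports later in the deck. The 64-byte block size (true for MD5 and SHA-1), the function names and the packet bytes are assumptions of this example; the key "MyPass" is the one used in the deck's `ip xfrm` commands.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # input block size of both MD5 and SHA-1, in bytes


def hmac_by_hand(key: bytes, message: bytes, hash_name: str = "md5") -> bytes:
    """Compute HMAC following the slide's diagram, one step at a time."""
    # A key longer than one block is hashed first; a shorter one is zero-padded.
    if len(key) > BLOCK_SIZE:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")

    inner_key = bytes(b ^ 0x36 for b in key)   # Secret Key XOR 0x3636...
    outer_key = bytes(b ^ 0x5C for b in key)   # Secret Key XOR 0x5c5c...

    intermediate = hashlib.new(hash_name, inner_key + message).digest()
    return hashlib.new(hash_name, outer_key + intermediate).digest()


def icv(key, message, hash_name="md5", bits=96) -> bytes:
    """Integrity Check Value: the HMAC truncated to `bits` (96 in the xfrm output)."""
    return hmac_by_hand(key, message, hash_name)[: bits // 8]


def verify(key, message, received_icv, hash_name="md5", bits=96) -> bool:
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(icv(key, message, hash_name, bits), received_icv)


# Constructed sample input. "MyPass" is the auth key from the slides' ip xfrm
# commands; the kernel prints it hex-encoded as 0x4d7950617373.
KEY = b"MyPass"
PACKET = b"constructed bytes standing in for the authenticated part of a packet"

if __name__ == "__main__":
    tag = icv(KEY, PACKET)
    print("key as hex :", KEY.hex())
    print("ICV (96bit):", tag.hex())
    print("untouched  :", verify(KEY, PACKET, tag))
    print("tampered   :", verify(KEY, PACKET + b"!", tag))
```
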
Encapsulating Security Payload

SPI — security association index on receiving host
Seq Number — strictly increasing number (replay attack)
Padding — extends payload to cipher block size
Next Hdr — next protocol number
ICV — authentication hash(es)

Packet layout (each row spans bits 0 to 32):
  Security Parameters Index (SPI)
  Sequence Number
  Encrypted Payload ...
  Padding (0-255 bytes) | Pad Len | Next Hdr
  Integrity Check Value (ICV) ...

ESP in Transport Mode

Original packet (each row spans bits 0 to 32):
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = TCP | IP Checksum
  Source IP
  Destination IP
  TCP Segment ...

Packet with ESP:
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = ESP | IP Checksum
  Original Source IP
  Original Destination IP
  Security Parameters Index (SPI)
  Sequence Number
  Encrypted TCP Segment ...
  Padding (0-255 bytes) | Pad Length | Next = TCP
  Integrity Check Value (MD5 or SHA-1)

Annotations: Protected; Protected by IP Checksum; Encrypted and Protected

ESP in Tunnel Mode

Original packet (each row spans bits 0 to 32):
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = TCP | IP Checksum
  Source IP
  Destination IP
  TCP Segment ...

Packet with ESP:
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = ESP | IP Checksum
  Tunnel Source IP
  Tunnel Destination IP
  Security Parameters Index (SPI)
  Sequence Number
  Encrypted IP Packet ...
  Padding (0-255 bytes) | Pad Length | Next = IP
  Integrity Check Value (MD5 or SHA-1)

Annotations: Protected; Protected by IP Checksum; Encrypted and Protected

AES* Encryption
* Advanced Encryption Standard

[Diagram: Plain Data → Initial Round (Round Key 0) → Encryption Rounds (14 for AES-256): Substitute Bytes, Shift Rows, (Mix Columns), Round Key N → Encrypted Data]

Note: no Mix Columns at last round

IPsec + NAT
Any issues?

IPsec + NAT Issue

AH - does not work (each row spans bits 0 to 32):
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = AH | IP Checksum
  Source IP
  Destination IP
  Next = TCP | AH Length | Reserved
  Security Parameters Index (SPI)
  Sequence Number
  Integrity Check Value (MD5 or SHA-1)
  Original TCP Segment ...

ESP - just one session:
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = ESP | IP Checksum
  Source IP
  Destination IP
  Security Parameters Index (SPI)
  Sequence Number
  Encrypted TCP Segment ...
  Padding (0-255 bytes) | Pad Length | Next = TCP
  Integrity Check Value (MD5 or SHA-1)

Why? Why?

IPsec + NAT

AH - does not work (each row spans bits 0 to 32):
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = AH | IP Checksum
  Translated Source IP
  Original Destination IP
  Next = TCP | AH Length | Reserved
  Security Parameters Index (SPI)
  Sequence Number
  Integrity Check Value (MD5 or SHA-1)
  Original TCP Segment ...

ESP - just one session:
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = ESP | IP Checksum
  Translated Source IP
  Original Destination IP
  Security Parameters Index (SPI)
  Sequence Number
  Encrypted TCP Segment ...
  Padding (0-255 bytes) | Pad Length | Next = TCP
  Integrity Check Value (MD5 or SHA-1)

Callouts on the slide: "ouch!" and "no ports :("

ESP NAT Traversal

ESP packet (each row spans bits 0 to 32):
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = ESP | IP Checksum
  Translated Source IP
  Original Destination IP
  Security Parameters Index (SPI)
  Sequence Number
  Encrypted TCP Segment ...
  Padding (0-255 bytes) | Pad Length | Next = TCP
  Integrity Check Value (MD5 or SHA-1)

ESP packet encapsulated in UDP:
  Ver | IHL | DSCP | E | Total Length
  ID | Fl | Fragment Offset
  TTL | Proto = UDP | IP Checksum
  Translated Source IP
  Original Destination IP
  Random Source Port | Destination Port = 4500
  Length | UDP Checksum
  Security Parameters Index (SPI)
  Sequence Number
  Encrypted TCP Segment ...
  Padding (0-255 bytes) | Pad Length | Next = TCP
  Integrity Check Value (MD5 or SHA-1)

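Added example, not part of the original slides: a Python model of the three NAT slides, showing that rewriting the source address breaks the AH check, leaves the ESP check intact, and that wrapping ESP in UDP to port 4500 gives the NAT ports to work with. The key, addresses, payload bytes, the use of HMAC-SHA-1 as the MAC and all function names are assumptions of this example; the ESP payload is treated as opaque ciphertext and the NAT rewrites addresses only.

```python
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"   # constructed sample key, not from the slides
ICV_LEN, NAT_T_PORT = 12, 4500  # 96-bit ICV; UDP destination port from the slide
PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 6, 17, 50, 51
IP_FMT = "!BBHHHBBH4s4s"        # 20-byte IPv4 header without options


def checksum(header: bytes) -> int:
    total = sum(struct.unpack("!10H", header))   # ones'-complement sum
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto: int, payload_len: int) -> bytes:
    fields = [0x45, 0, 20 + payload_len, 0x1234, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)


def mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, "sha1").digest()[:ICV_LEN]


def ah_icv(packet: bytes) -> bytes:
    """AH authenticates the IP header too, with only the mutable fields zeroed."""
    ip = bytearray(packet[:20])
    ip[1] = 0                   # DSCP/ECN
    ip[6:9] = bytes(3)          # flags, fragment offset, TTL
    ip[10:12] = bytes(2)        # header checksum
    # AH fixed part, ICV field treated as zero, then the payload
    return mac(bytes(ip) + packet[20:32] + bytes(ICV_LEN) + packet[32 + ICV_LEN:])


def build_ah(src, dst, payload: bytes, spi: int = 1, seq: int = 1) -> bytes:
    ah_fixed = struct.pack("!BBHII", PROTO_TCP, 4, 0, spi, seq)  # AH length: 24 / 4 - 2
    ip = ipv4_header(src, dst, PROTO_AH, len(ah_fixed) + ICV_LEN + len(payload))
    return ip + ah_fixed + ah_icv(ip + ah_fixed + bytes(ICV_LEN) + payload) + payload


def verify_ah(packet: bytes) -> bool:
    return hmac.compare_digest(ah_icv(packet), packet[32:32 + ICV_LEN])


def build_esp(src, dst, ciphertext: bytes, spi: int = 1, seq: int = 1) -> bytes:
    """ESP authenticates SPI, sequence number and ciphertext, not the outer IP header."""
    esp = struct.pack("!II", spi, seq) + ciphertext
    return ipv4_header(src, dst, PROTO_ESP, len(esp) + ICV_LEN) + esp + mac(esp)


def verify_esp(esp: bytes) -> bool:
    return hmac.compare_digest(mac(esp[:-ICV_LEN]), esp[-ICV_LEN:])


def nat_rewrite_source(packet: bytes, new_src) -> bytes:
    """Address-only source NAT: new source IP and recomputed IP checksum."""
    return ipv4_header(new_src, packet[16:20], packet[9], len(packet) - 20) + packet[20:]


def nat_t_encapsulate(packet: bytes, sport: int) -> bytes:
    """Put the ESP part inside UDP so a NAT has port numbers to track."""
    esp = packet[20:]
    udp = struct.pack("!HHHH", sport, NAT_T_PORT, 8 + len(esp), 0) + esp  # checksum 0 = unused
    return ipv4_header(packet[12:16], packet[16:20], PROTO_UDP, len(udp)) + udp


def nat_t_decapsulate(packet: bytes) -> bytes:
    dport, length = struct.unpack("!HH", packet[22:26])
    if packet[9] != PROTO_UDP or dport != NAT_T_PORT:
        raise ValueError("not UDP-encapsulated ESP")
    return packet[28:20 + length]


def demo() -> dict:
    inside, public, peer = "192.168.0.10", "203.0.113.7", "198.51.100.20"  # constructed
    ah = build_ah(inside, peer, b"constructed TCP segment")
    esp = build_esp(inside, peer, b"constructed ciphertext")
    udp = nat_rewrite_source(nat_t_encapsulate(esp, sport=40000), public)
    return {"ah_before_nat": verify_ah(ah),
            "ah_after_nat": verify_ah(nat_rewrite_source(ah, public)),
            "esp_after_nat": verify_esp(nat_rewrite_source(esp, public)[20:]),
            "esp_in_udp_after_nat": verify_esp(nat_t_decapsulate(udp))}


if __name__ == "__main__":
    print(demo())
```
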
Real World Example

[Diagram: Host A, GW 1, Unprotected Network, GW 2, Host B; packets p along the path, with labels Security Policy, Security Association, Security Params Idx, Protected by IP Checksum and Encrypted by ESP]

Security Association Database

ip xfrm state add src <SRC-IP> dst <DST-IP> proto esp \
    [auth <ALGO> <KEY>] enc <CIPHER> <KEY>

# xxd -p -l 16 /dev/urandom
a4adda25cba555587d29b22135e3c174
# ip xfrm state add src 172.16.1.3 dst 172.16.1.4 proto esp \
    spi 0x1 auth md5 MyPass \
    enc aes 0xa4adda25cba555587d29b22135e3c174
# ip xfrm state add src 172.16.1.4 dst 172.16.1.3 proto esp \
    spi 0x2 auth md5 MyPass \
    enc aes 0xa4adda25cba555587d29b22135e3c174

# ip xfrm state show
src 172.16.1.4 dst 172.16.1.3
    proto esp spi 0x00000002 reqid 0 mode transport
    replay-window 0
    auth-trunc hmac(md5) 0x4d7950617373 96
    enc cbc(aes) 0xa4ad...
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 172.16.1.3 dst 172.16.1.4
    proto esp spi 0x00000001 reqid 0 mode transport
    replay-window 0
    auth-trunc hmac(md5) 0x4d7950617373 96
    enc cbc(aes) 0xa4ad...
    sel src 0.0.0.0/0 dst 0.0.0.0/0

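Added example, not part of the original slides: a small Python audit that reads the `ip xfrm state show` output above and reports the settings a reviewer would question before using such manually keyed SAs outside a lab. The finding codes, thresholds and function names are assumptions of this example; the sample text is the slide's own output, with the encryption key left elided as on the slide.

```python
# `ip xfrm state show` output as printed on the slide (the enc key is elided there).
SLIDE_OUTPUT = """\
src 172.16.1.4 dst 172.16.1.3
proto esp spi 0x00000002 reqid 0 mode transport
replay-window 0
auth-trunc hmac(md5) 0x4d7950617373 96
enc cbc(aes) 0xa4ad...
sel src 0.0.0.0/0 dst 0.0.0.0/0
src 172.16.1.3 dst 172.16.1.4
proto esp spi 0x00000001 reqid 0 mode transport
replay-window 0
auth-trunc hmac(md5) 0x4d7950617373 96
enc cbc(aes) 0xa4ad...
sel src 0.0.0.0/0 dst 0.0.0.0/0
"""

DIGEST_BYTES = {"hmac(md5)": 16, "hmac(sha1)": 20, "hmac(sha256)": 32}
DEPRECATED_AUTH = {"hmac(md5)"}


def parse_states(text: str) -> list:
    """Split the output into one dict per security association."""
    states = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "src":                       # first line of a new SA
            states.append({"src": words[1], "dst": words[3]})
        elif not states:
            continue
        elif words[0] == "proto":
            states[-1]["spi"] = words[words.index("spi") + 1]
        elif words[0] == "replay-window":
            states[-1]["replay_window"] = int(words[1])
        elif words[0] in ("auth", "auth-trunc", "aead"):
            states[-1]["auth_algo"] = words[1]
            states[-1]["auth_key"] = bytes.fromhex(words[2][2:])
    return states


def audit(states: list) -> list:
    """Return (spi, code, detail) findings for settings that weaken an SA."""
    findings, key_owner = [], {}
    for sa in states:
        spi, algo, key = sa.get("spi", "?"), sa.get("auth_algo"), sa.get("auth_key", b"")
        if sa.get("replay_window", 0) == 0:         # sequence numbers are not checked
            findings.append((spi, "NO_REPLAY_CHECK", "replay-window 0"))
        if algo is None:
            findings.append((spi, "NO_AUTH", "ESP without an integrity algorithm"))
        elif algo in DEPRECATED_AUTH:
            findings.append((spi, "WEAK_AUTH", algo))
        if key and len(key) < DIGEST_BYTES.get(algo, 16):
            findings.append((spi, "SHORT_KEY", f"{len(key) * 8}-bit auth key"))
        if key and all(0x20 <= b < 0x7F for b in key):   # printable ASCII, not random
            findings.append((spi, "PASSPHRASE_KEY", key.decode("ascii")))
        if key and key in key_owner:
            findings.append((spi, "SHARED_KEY", f"same auth key as SPI {key_owner[key]}"))
        key_owner.setdefault(key, spi)
    return findings


if __name__ == "__main__":
    for spi, code, detail in audit(parse_states(SLIDE_OUTPUT)):
        print(f"{spi}  {code:16} {detail}")
```
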
Security Policy Database

ip xfrm policy add <SELECTOR> dir <DIR> tmpl <TEMPLATE>

# ip xfrm policy add dev eth1 dir out tmpl proto esp

# ip xfrm policy show
src 0.0.0.0/0 dst 0.0.0.0/0 dev eth1
    dir out priority 0
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 0 mode transport

Checklist
1. IPsec?
2. Transport vs tunnel?
3. AH?
4. ESP?
5. AH vs ESP?
6. HMAC?
7. Security Policy?
8. Security Association?
9. NAT traversal?
10. Linux tool?
References
1. RFC 4301. Security Architecture for the Internet Protocol.
2. RFC 4302. IP Authentication Header.
3. RFC 4303. IP Encapsulating Security Payload (ESP).
4. RFC 4306. Internet Key Exchange (IKEv2) Protocol.
5. An Illustrated Guide to IPsec: http://unixwiz.net/techtips/iguide-ipsec.html
6. IANA Protocol Numbers: http://www.iana.org/assignments/protocol-numbers